Reviewed: https://review.openstack.org/481008 Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas-dashboard/commit/?id=a767cef2ad7973696b1723e17f518cc6435aaacc Submitter: Jenkins Branch: master
commit a767cef2ad7973696b1723e17f518cc6435aaacc Author: Adit Sarfaty <[email protected]> Date: Thu Jul 6 15:09:07 2017 +0300 Fix FWaaS create/update rule with non-admin Creating and updating a shared rule is forbidden for non admin user. This patch makes sure the 'shared' attribute is disabled, and not added to the request body of the update request, so the request will not fail in neutron. Change-Id: I439947198bd9b0a647640f3f663ba7029b2507b4 Closes-Bug: #1699717 ** Changed in: neutron-fwaas-dashboard Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1699717 Title: Updating of firewall-rule while attached to firewall via non-admin user shows exception on Horizon Status in OpenStack Dashboard (Horizon): In Progress Status in Neutron FWaaS dashboard: Fix Released Bug description: Created non-admin user using below commands:- # openstack project create sam # openstack user create --password openstack --project acdc3b0348224a019878d628cc40681c sam-user # openstack role create user-role # openstack role add --project acdc3b0348224a019878d628cc40681c --user sam-user user-role Steps:- 1) Created firewall-rule 2) Created firewall policy and firewall-rule. 3) Created firewall and add firewall-policy to it 4) Now try to update firewall-rule using non-admin user it shows exception. Error: Failed to update rule fire-rule-sam: {u'protocol': u'tcp', u'description': u'', 'attributes_to_update': [u'protocol', u'name', u'enabled', u'source_ip_address', u'destination_ip_address', u'action', u'source_port', u'shared', u'destination_port', u'ip_version', u'description'], u'source_port': None, u'source_ip_address': None, u'destination_ip_address': None, 'firewall_policy_id': u'ce84a478-3eaf-45ba-9d00-2f82b90916e4', u'destination_port': None, 'id': u'86850f40-6b26-4849-8eb9-f65b4136cf87', u'name': u'fire-rule-sam', 'tenant_id': u'acdc3b0348224a019878d628cc40681c', u'enabled': True, u'action': u'allow', 'shared': False, 'project_id': u'acdc3b0348224a019878d628cc40681c', u'ip_version': 4} is disallowed by policy rule (rule:update_firewall_rule and rule:update_firewall_rule:shared) with {'project_id': u'acdc3b0348224a019878d628cc40681c', 'domain': None, 'project_name': u'sam', 'user_id': u'2e4470864c674331bec8b9f25d546e04', 'roles': [u'user-role'], 'user_domain_id': None, 'service_project_id': None, 'project_domain': None, 'tenant_id': u'acdc3b0348224a019878d628cc40681c', 'service_user_domain_id': None, 'service_project_domain_id': None, But issue doesn't comes when using cli command to update firewall-rules for non-admin user. Use credentials for non-admin tenant then run below command:- $ neutron firewall-rule-update 86850f40-6b26-4849-8eb9-f65b4136cf87 --protocol tcp --action reject Updated firewall_rule: 86850f40-6b26-4849-8eb9-f65b4136cf87 So above command via cli is executed fine but with horizon it shows issue. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1699717/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
